Originally posted by hussam
View Post
Announcement
Collapse
No announcement yet.
Gentoo Was Compromised On GitHub
Collapse
X
-
When is the 'rm -rf /' executed ? Because this might still be true:
> Does the fact that root is owner on some ccache subfolders suggest that
> ccache is ran as root at some point ?
It definitely ran as root. With FEATURES=userpriv, some phases (such as pkg_setup) still run as root, so it looks like one of these other phases called the compiler. [...]
Well, you can't stop the compiler from being called during phases that run as root. [...] It should not be a security issue, as long as you don't grant "portage" group access to untrusted users.
Comment
-
I believe you can use Gentoo's gitweb repo too. I stay clear of github unless it's the only way.
git://anongit.gentoo.org/repo/gentoo.git
I have my own 'build' service where I sync from gentoo (git/distfiles/etc...) and not github. Github is how you get noticed, gitlab, cgit and gitweb, seem sufficient for a lot of usecases, imo.Last edited by pcxmac; 29 June 2018, 04:16 AM.
Comment
-
When is the 'rm -rf /' executed ? Because this is likely still be true today:
> Does the fact that root is owner on some ccache subfolders suggest that
> ccache is ran as root at some point ?
It definitely ran as root. With FEATURES=userpriv, some phases (such as pkg_setup) still run as root, so it looks like one of these other phases called the compiler.
[...]
Well, you can't stop the compiler from being called during phases that run as root. [...] It should not be a security issue, as long as you don't grant "portage" group access to untrusted users.
Comment
-
Originally posted by ihatemichaelI suspect we are going to start seeing more and more of these attacks, this is how GitHub begins to die.
Speculation is worthless at this stage, it's ultimately a compromised credential and nothing special in that regard.
- Likes 1
Comment
Comment